Parliamentary Committee raises concern with MeitY over DPDP Act implementation lag
Only 20 workshops, 4 expert sessions held so far, MeitY informed Lok Sabha on July 25. Parliamentary committee demanded faster rollout and clearer roadmap for safeguarding citizens' data under DPDP Act, 2023.
ADVERTISEMENT
The Parliamentary Standing Committee on Information and Communications Technology has raised concerns over the slow rollout of India’s Digital Personal Data Protection (DPDP) Act, 2023, urging the Ministry of Electronics and Information Technology (MeitY) against missing the mark on protecting citizens’ data privacy.
In its review of the government’s response to earlier recommendations, the committee, during the report presented in Lok Sabha on July 24, found that MeitY had only managed to conduct 20 awareness workshops and 9 consultations on the Draft DPDP Rules, 2025. Additionally, with respect to R&D scheme, four brainstorming sessions with academic experts were held to explore research and development needs, which the Ministry itself admits is a niche area in need of urgent industry participation.
"...it has been found that it is niche area, which need industry participation for developing potential and promising applications which may further support to various stakeholders towards DPDP compliance in terms of security safeguards etc.," the Ministry said.
While the Ministry claims to have developed a beta version of the “Digital Office” envisioned under the Act, the committee remained unconvinced. It has now urged MeitY to implement DPDP-related projects “in right earnest” and ensure timely achievement of its objectives, especially in light of increasing privacy concerns, regulatory gaps, and data security threats.
“The Committee would like to impress upon the Ministry to implement these projects in right earnest and ensure that the intended objectives are achieved on time,” the panel wrote in its comments.
The Committee also reviewed the National Cyber Coordination Centre (NCCC) project, an infrastructure aimed at generating nationwide situational awareness of cyber threats and enabling real-time coordination among stakeholders. While Phase I of NCCC was operationalized in 2017, Phase II, which includes the integration of 250 monitoring sites, was supposed to be completed by end of FY 2024-25. The Committee also asked MeitY for a status update on whether that target is still within reach.
The Ministry had released the draft DPDP Rules on January 3, 2025. These rules are intended to clarify and facilitate the implementation of the Digital Personal Data Protection Act, 2023. The draft rules were released for public consultation, with comments accepted until March, 2025.
